Posture
critical: 0
high: 5
medium: 4
low: 7
Ownership
Findings (17)
low | SSRF in webhook fetcher | Prowler | CSPM | triaged | 8.4
high | Race condition in payment idempotency | Contrast RASP | RASP | triaged | 9.6
low | Open Redis without auth | Trivy | Container | open | 9.8
medium | SQL Injection in user-input handler | Semgrep | SAST | false positive | 8.9
low | Excessive Kubernetes RBAC privileges | Checkmarx | SAST | open | 7.1
medium | Missing CSP header on auth pages | Contrast RASP | RASP | open | 8.3
medium | Outdated lodash with prototype pollution | Grype | Container | false positive | 5.1
info | Race condition in payment idempotency | tfsec | IaC | accepted | 4.7
high | Missing rate limiting on /login | tfsec | IaC | open | 4.2
low | SQL Injection in user-input handler | Snyk | SCA | open | 7.9
high | Outdated lodash with prototype pollution | Grype | Container | open | 5.3
low | Hardcoded AWS access key in source | Checkmarx | SAST | false positive | 7.1
high | Insecure deserialization in message queue consumer | Checkov | IaC | open | 5.4